Cybersecurity Issues and Challenges in Industry 4.0

Introduction

The evolution from Industry 1.0 as steam-powered machines towards Industry 4.0 as cyber physical systems (CPS) has brought many benefits in productivity, efficiency, revenues, customer experience, and profitability, but also imposes many challenges as managing human factors, often a critical element in several domains (Fontaine et al, 2016). One of the challenges is to manage and secure large amount of data generated from Internet-of-Things (IoT) devices that provide many entry points for an intruder (a person who attempts to gain unauthorized access to a system in order to compromise system availability, data Integrity or data Confidentiality) in the form of a threat to exploit new and existing vulnerabilities within the IoT network. Today, more and more organizations and businesses understand that an efficient flow of secured information creates major benefits, both economically and with greater customer satisfaction. To remain proficient and responsive, business processes must permanently transform themselves in this technological world of Industry 4.0 (Figure 1).

Figure 1.

Industry 4.0

Industry 4.0 is a national strategic initiative from the German government where numerous elements comprising industrial systems are being interfaced with internet communication technologies to form the smart factories and manufacturing organizations of the future (Thames and Schaefer, 2017). The IoT connected devices itself is a superb innovation, but it also presents numerous points of entry for malicious activities. Figure 2 shows the number of connected IoT devices from year 2012 to 2025.

Figure 2.

Number of connected IoT devices from year 2012 to 2025 (Columbus, 2016)

The IoT and internet communication technologies are plagued by cybersecurity issues that will present major challenges and barricades for adopters of Industry 4.0 technologies. If these challenges are not addressed, the true potential of Industry 4.0 may never be attained. Cybersecurity is defined as “preservation of confidentiality, integrity and availability of information in the Cyberspace” (ISO/IEC 27032) and Cyberspace is defined as “the complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form” (ISO/IEC 27032). The main focus of the cybersecurity discourse is cyber-attacks (both passive and active), which are possibly destructive events. These attacks are:

• •

  Passive Attack: In this type of attack, attacker’s goal is to obtain information only. He does not modify data or harm the system. This type of attack is difficult to detect until sender or receiver finds out about the leaking of confidential information. It can be prevented by one of the methods like encipherment. Examples of this attack are tapping, snooping, traffic analysis, eavesdropping, port scanning Espionage based attacks that steal data and information etc. This type of attack harms the confidentiality of information.

• •

  Active Attack: In this type of attack, attacker’s goal is not only to obtain information but he will modify it or harm the system. This attack is easier to detect than to prevent. Examples of this attack are modification, replay, repudiation, denial of service (DOS / DDOS), Man-in-the-middle attack, SQL Injection, virus, worm, logic bomb, etc.

Some more examples of cyberattacks are Malware, Phishing, Cross-Site scripting, Botnets, Social Botnets, Espionage based attacks that steal data and information, Drive-by-downloads, Last Mile Interceptions, Transmission Bugs / Intercepts, Critical Infrastructure, Cyber Kidnapping, Cyber Extortion, Hacktivisim, etc. The impact of these cyber-attacks on industries are: